It's still too early to estimate the total costs to U.S. credit unions from the Target card breach, according to executives whose organizations are tracking the numbers.
CUNA said it will collect loss data from all card-issuing credit unions, but stressed that participation in the survey would be voluntary. However, CUNA Spokesman Ben Fishel said the association hoped for a good response due to the large number of cards compromised.
“Frankly, we started collecting the data because we anticipated some lawmakers might want to see it,” Fishel explained, adding that CUNA might release the survey data as a summary.
Ann Davidson, senior consultant for risk management at CUNA Mutual Group, the primary insurer for the majority of U.S. credit unions, said it was still too early to calculate losses from the breach because the card brands have not yet released lists of all compromised card numbers.
Until the card brands and processors deliver all the lists, it is impossible for credit unions to know how many cards might be compromised, what their responses will be and the associated costs, she said.
Another lingering question is what the breach might mean to the PCI Data Standard, which card brands and processors have promulgated to help defend credit and debit cards from these sorts of breaches.
Bob Russo, general manager of the PCI Security Standards Council, said standards are merely the beginning of protection against theft, not the complete solution.
“It's important to remember that the PCI DSS is the floor for card data security, not the ceiling,” he said. “A card data environment is under constant threat, so businesses must ensure their safeguards are also under constant vigilance, monitoring and where necessary, ongoing improvement. A layered approach to security is absolutely necessary to protect sensitive payment card data – without ongoing vigilance or a comprehensive security strategy, organizations may be just a change control away from noncompliance.” Organizations must make protecting cardholder data a daily priority, not a one-time exercise, he added.
“An intrusion need not result in card data compromise if an organization is following the 12 guiding requirements of the PCI DSS,” Russo said.
© 2024 ALM Global, LLC, All Rights Reserved.